Pentester

Best firefox addons for Hacking:
-HackBar
-Cookies Manager+
-User-Agent Switcher
-Tamper Data
-FoxyProxy Standard
-Wappalyzer:
-HttpRequester
-RESTClient:
-Tampermonkey
-XSS Me
-SQL Inject Me
-iMacros
-FirePHP

192 views18:48

Pentester

Just posted Low-Hanging Apples: Hunting Credentials and Secrets in iOS Apps https://t.co/GNQ6sY4IeA

spaceraccoon.dev

Low-Hanging Apples: Hunting Credentials and Secrets in iOS Apps — spaceraccoon.dev

Motivation Diving straight into reverse-engineering iOS apps can be daunting and time-consuming. While wading into the binary can pay of...

170 views04:55

Pentester

https://github.com/aas-n/spraykatz/

GitHub

GitHub - aas-n/spraykatz: Credentials gathering tool automating remote procdump and parse of lsass process.

Credentials gathering tool automating remote procdump and parse of lsass process. - aas-n/spraykatz

141 views06:15

Pentester

lsassy 1.0.0 is finally out !
🔸 Remotely dump lsass with built-in Windows tools only, procdump is no longer necessary
🔸 Remotely parse lsass dumps to extract credentials
🔸 Link to Bloodhound to detect compromised users with path to Domain Admin
https://t.co/NxIFkc2DUk

GitHub

GitHub - Hackndo/lsassy: Extract credentials from lsass remotely

Extract credentials from lsass remotely. Contribute to Hackndo/lsassy development by creating an account on GitHub.

141 views17:39

Pentester

CVE-2019-10758 post-auth Remote Code Execution in mongo-express < 0.54.0 via endpoints that uses the toBSON method

however there are lots of no-auth mongo-express ...

shodan: https://t.co/9J4qhXL1Im

poc: https://t.co/mtChbxVDrw

GitHub

GitHub - masahiro331/CVE-2019-10758

Contribute to masahiro331/CVE-2019-10758 development by creating an account on GitHub.

135 views18:35

Pentester

https://hipotermia.pw/bb/http-desync-account-takeover

hipotermia.pw

hipotermia - Account takeover via HTTP Request Smuggling

A bug chain of HTTP Request Smuggling that led to account takeover

121 views08:24

Pentester

https://blog.jmpesp.org/2020/01/fuzzing-php-with-domato.html?m=1

blog.jmpesp.org

Fuzzing PHP with Domato

For clarity and brevity, the code referenced below has been distilled to simplest form. The complete versions which were actually used for...

128 views08:24

Pentester

https://community.turgensec.com/ssh-hacking-guide/

134 views08:25

Pentester

Resources-for-Beginner-Bug-Bounty-Hunters : A list of resources for those interested in getting started in bug bounties https://t.co/OiU5febmIl

GitHub

nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters

A list of resources for those interested in getting started in bug bounties - nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters

128 views08:05

Pentester

Awesome mobile security - one place to find all android and ios security related stuffs like labs, talks, papers, courses, and tools : https://t.co/4pyUYjAeoe

GitHub

vaib25vicky/awesome-mobile-security

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it. - vaib25vicky/a...

133 views08:06

Pentester

One of the scarier bugs: with Microsoft’s go-ahead & after many hours spent, I’m excited to finally publish this writeup and PoC! https://t.co/suHzsgtfd9

allysonomalley.com

Saying Goodbye to my Favorite 5 Minute P1

In this post, I’m going to reveal the fastest, easiest P1 that I’ve ever reported – multiple times! It’s the sort of oversight that seems so simple to avoid, but surprisingl…

123 views05:55

Pentester

https://www.ambionics.io/blog/php-mt-rand-prediction

Ambionics

Breaking PHP's mt_rand() with 2 values and no bruteforce

We demonstrate how one can recover mt_rand()'s seed with only two outputs and without any bruteforce.

121 views05:57

Pentester

https://blog.trendmicro.com/trendlabs-security-intelligence/first-active-attack-exploiting-cve-2019-2215-found-on-google-play-linked-to-sidewinder-apt-group/